Today about Ransomware or how someone may want to encrypt your data and then with great courtesy ask you for money.
Ransomware is a cluster of words from the English language Ransom - ransomware and software - software. Generally, we have two types of such threats. The first is not very effective, which makes it little known and rarely used. It involves blocking access to the computer. With a little "IT" knowledge, we are able to circumvent this quite quickly, and therefore it is not a problem. The problem is the second type, which involves encrypting your data. It's more advanced and much more effective, so that's what we'll deal with today.
Who is exposed?
Mainly larger companies, hospitals, institutions, power plants will be targeted because they will pay better. Often more critical infrastructure and often neglected IT department like hospitals, waterworks, government offices, it can be different. The targets of attack are different, but contrary to appearances, we are not quite safe being an individual user or a small company, because we can accidentally get "shrapnel". Besides, the more infected, the higher the chances of the likelihood of paying the ransom. That is, we should definitely not feel safe. This is not a good idea.
How can we become encrypted?
There are many options, but it generally boils down to a few basic ones. For example, the first of such standard say: clicking on strange links in various nooks and crannies of the Internet where we basically shouldn't be. The second of such standard ones is clicking on links from emails coming in from no one knows where, either? Clicking and entering any data there I strongly discourage. Going further: opening attachments from mail, supposedly of known origin. Please note that email headers can be manipulated, and it may seem to you that it is an email from someone you know, for example with an invoice or other document, in what you expect to be an attachment, but may actually be malware. Also it is not completely safe. Another thing is installing game software from the Internet, from strange sources, not known. This is also something we simply should not do, it is asking for trouble. But here beware: one could get such a strange idea in the form of: I'm smart, I don't click, nothing will happen to me. In the vast majority of cases this will be the case, while I would be far from total peace of mind. Note that the software we use, for example, a browser or any other programs, their code can be broken. The fact that we trust this software because we have been using it for years, making us unlikely to suspect anything and they can really do us a problem. Browser, plug in from the browser, or this type of software. Besides, if we already use the program are two such quite classic examples: Team Viewer-very many users use it, in general it's good software, while some time ago, it went fairly unnoticed, but they had a fairly serious problem that actually managed to get through unauthorized users to practically every computer with Team Viewer software installed and running. This is just an example of why we shouldn't have Team Viewer on the bar all the time. Next up is Solar Winds. A lesser-known company in Europe. They do management, infrastructure and monitoring.
Also its software was taken over and to make things funnier, quite a lot of their software was installed on computers from Microsoft itself. By which the attackers, by taking over Solar Winds, de facto took over a great many computers from Microsoft itself. Besides, let's remember that the software we currently have installed, it could be that someone discovers holes in such software that were never known before. Which again brings us to the point where we are potentially vulnerable.
With this, I wanted to summarize that it is not at all the case that we have to. I mean, sorry, it is generally the case that we are the ones who have to do something, click, confirm, touch. But this is not always the case. One should not feel safe. This generally leads in the wrong direction.
In practice, if the attack is carried out successfully, that is, it already encrypts our data, it is generally carried out "well". Sometimes it happens that the keys flow out after some decryption time, or the criminals make some big mistake that allows decryption, but I would definitely not count on it. Even if there is any chance of that happening, it takes time, but it is definitely unlikely.
Do you pay?
In general, we should not do this. On the other hand, there will be more than one case when we will not be prepared for some reason for such an option. We will not have a safety copy, we will not have a strategy prepared to know what to do in such a case. It may turn out that the only option, however, will be to pay. However, let's remember one thing: payment does not at all equal data recovery. Although some of these "entrepreneurs" seem to act quite honorably. There is another problem, which is, one, that the data has been encrypted and two, that we have no assurance that whoever got on our computer and encrypted it, that they did not export it to themselves and are not in possession of it themselves. This is another pretty serious problem. The next issue, if we want to pay, let's do it quickly. Because it can happen, it has already happened, that the servers managing such a procedure are found and shut down, making such an infrastructure criminals could not manage, and despite the sincere desire to pay, they were not able to decrypt the data of the "customers".
How do you protect yourself?
The issue is complex. If anyone says that you are completely safe, that their antivirus or any other software makes everything ok, that there is nothing to worry about then I would take a step or two back and think about it. Security is a complex issue. I think we should treat it like the onion from Shrek. That is, it has layers. The more of those layers the better. I would never try to rely on just one thing. The most important and basic thing is antivirus. What company, that is less important than that it is and will be some reasonably well-known and reasonably popular antivirus and that it is updated. It really can make a lot of things easier for us. The next thing is to keep the software up to date, not only the antivirus but also Windows or any other software we use. I've mentioned before, there are cases where problems are detected in the software and in the latest updates they are caught and corrected. By which, as it were, even though the problem is detected it is often fixed. If we don't update the software, we are potentially exposing ourselves to potential exploitation of already detected problems. The same goes for wi-fi routers, printers, I know it sounds strange, but these are all things through which it is possible to get into our wi-fi network and potentially do harm to our data, our computers or even our devices.
The issue is complex. If anyone says that you are completely safe, that their antivirus or any other software makes everything ok, that there is nothing to worry about then I would take a step or two back and think about it. Security is a complex issue. I think we should treat it like the onion from Shrek. That is, it has layers. The more of those layers the better. I would never try to rely on just one thing. The most important and basic thing is antivirus. What company, that is less important than that it is and will be some reasonably well-known and reasonably popular antivirus and that it is updated. It really can make a lot of things easier for us. The next thing is to keep the software up to date, not only the antivirus but also Windows or any other software we use. I've mentioned before, there are cases where problems are detected in the software and in the latest updates they are caught and corrected. By which, as it were, even though the problem is detected it is often fixed. If we don't update the software, we are potentially exposing ourselves to potential exploitation of already detected problems. The same goes for wi-fi routers, printers, I know it sounds strange, but these are all things through which it is possible to get into our wi-fi network and potentially do harm to our data, our computers or even our devices.
One of the next things. That proverbial sense: let's not click, let's not respond to a big shake for a million dollars just need to log in somewhere, or some Albanian prince or some other joys of that kind, let's not click, let's not even try to respond to those kinds of emails or text messages. Of the more high-tech solutions, the ideal would be that if we already want to install some strange software, go to strange places on the Internet then either do it on another computer, yes I know, another computer is a hassle. But you can install yourself a virtual machine, for example, and try strange things on it. That's kind of a solution. I know, more complicated, but still recommended.
The next thing, maybe no longer dal individual users, intrusion detection systems. I've already done an episode about this, too. This is a way already more advanced, may be necessary. The next most important thing is backup. If the data is in one place, it's self-consciously asking for trouble. All sorts of things happen. Crashes, Randsomware or whatever. Backap is just that thing that we always have to do. For a backup to be a backup, it has to be, first of all: on three different devices, that is, at our place and at two places with copies. In two different geographic locations. Remember, quite uninteresting things happen: fires, theft, etc. If we have a backup in the same computer, or in the same room, it can turn out to be very troublesome, because we will sincerely believe that everything works, everything is as it should be and it can turn out to be unpleasant information during theft, flooding, fire or anything else. Equally important, this backup of ours must be able to restore from a day ago, two, three, four. Please note that if we have automatic synchronization of data, but we do not have the ability to go backwards, then if our software encrypts the data in some place, the place where it is synchronized will also be encrypted. I allude to the fact that I often encounter in conversations that: I have two disks in my computer, so calmly. Well, yes, calmly, only that the task of these two drives is to synchronize with each other. If I have something encrypted on one, it automatically encrypts on the other drive.
Summary
What can we always do before? After is generally very ineffective. Let's always have a plan for what to do? What to do if my computer breaks down, if it encrypts my data, if my drive breaks down, whatever, let's put together such a plan in our heads before anything happens. If you are considering a comprehensive plan to protect your data in case of a crash or malicious activity, or just Randsomeware come in for a free consultation and remember: backup, backup, backup and more backup.